We need to discuss Aadhaar

[mohit9206]

Aadhaar is the biggest threat to national security and no one's talking about it.Not newspapers,not news channels,no one.Everyone is mum about it.

Linking Aadhaar to bank accounts and sim cards has been made mandatory and its going to be a disaster.

People's aadhaar information and fingerprints will be stolen and their bank accounts drained,and even placing your fingerprints at a crime scene to falsely implicate you and many other disastrous possibilities.

In fact aadhaar info has been leaked multiple times.I will cite a few examples of it below.

https://thewire.in/130948/aadhaar-card-details-leaked/

 

 

Quote

“Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank accounts numbers leaked at around 100 million from the specific portals we looked at,” the report’s authors, Amber Sinha and Srinivas Kodali, state.

 

Quote

“While the UIDAI has been involved in proactively pushing for other databases to get seeded with Aadhaar numbers, they take little responsibility in ensuring the security and privacy of such data.With countless databases seeded with Aadhaar numbers, we would argue that it is extremely irresponsible on the part of the UIDAI, the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may used for mischief,” the report states.

 

There is a good chance someone already has your aadhaar and fingerprint data and if they want they could drain all the money from your bank account if they wanted to. This is a disaster waiting to happen.

http://indiatoday.intoday.in/technology/story/jio-data-leak-explained-is-your-data-safe-has-aadhaar-also-leaked-and-other-questions-answered/1/998336.html

Quote

This might very well be the biggest in the history of data breaches in India.

Reliance Jio customer data, comprising sensitive details of its 120 million users, including, as many have noted, their Aadhaar numbers, has been leaked online, and perhaps still remains in the black market of online data, where it’s sold to the highest bidder, and often leads to major cyber frauds.

 

http://www.deccanchronicle.com/nation/current-affairs/040517/aadhaar-data-leaked-says-centre.html

 

Quote

Senior lawyer Mr Shyam Divan drew the court’s attention to a report that Haryana had made Aadhaar compulsory for issuance of birth certificates to newborn babies, and said that the scheme makes wholetime surveillance, from cradle to the grave, possible.

“This is perhaps the worst project possible under our Constitution and invasion of privacy. The architecture of Aadhaar is worthless as far as information security is concerned,” he said. “We are concerned with one-seventh of the total population of the world in the wake of a scheme where the degree of invasion is extremely high and protection much low. This system has never been tried in any democratic country. It shows the sinisterness of the government action. We don’t want our life tracked and monitored 24x7 as it be a tremendous compromise on civil liberties,” he said.

 

http://www.newindianexpress.com/states/telangana/2017/oct/28/aadhaar-of-300-people-stolen-rs-40-lakh-pension-money-swindled-1685237.html

 

Quote

 In a classic case of identity theft, a possibility repeatedly denied by the Centre and UIDAI officials, Aadhaar details of nearly 300 people were stolen their pension money swindled. City police estimate that around `40 lakh was stolen in this manner by three members in a series of frauds since mid-2015.

 

Quote

Ironically, explaining the theft of Aadhaar number and subsequently the identity of several persons, the police in its press note also made the 12-digit UID numbers of a couple of victims public. 

 

Quote

However, the public response to these revelations has been muted. The government and the UIDAI, the authority behind Aadhaar, have retreated behind the defence that only Aadhaar numbers have been leaked, and not biometric details, and hence there is no major problem.

However, experts warn that Aadhaar numbers by themselves pose a sufficient risk when leaked, and that the UIDAI has been consistently underplaying the risks of such leaks and overplaying the security of biometric identification.

Amber Sinha, who co-authored the CIS report, points out that it’s not just Aadhaar numbers that have been leaked on government websites, but also demographic information as well as financial details. Various such bits of data can be aggregated by fraudsters and used to steal identities and commit financial fraud online or through phones.

 

http://www.thenewsminute.com/article/why-aadhaar-leaks-should-worry-you-and-biometrics-really-safe-61469

 

Quote

“Somebody can call the bank pretending to be me, and he could also authenticate himself as me if he has all the data about me. The bank will ask him some four questions and if he has all that information, then the bank has no reason to believe that he is not me,” he explains.

 

Quote

“Somebody can apply for a SIM card with your Aadhaar number, and if the place that is issuing the SIM card didn't do a biometric verification then your card is good enough, because now they can do anything they want in your name,” Kiran said. In such cases, he points out, impersonation is almost ridiculously easy because the Aadhaar card, just a colour printout with no security features, can be faked by almost anyone.

He points out that, particularly in cases of online verifications, the problem of fraud is acutely heightened. “The thing is that if they have your number and your demographic details, if the government does a verification online, the details will match. Which means that the ID is not fake. It's just that you didn't actually authorise any of this. In a perfect world, everybody would do biometrics. The problem is that that does not exist right now.”

 

Quote

One of the major flaws of the current security practices of Aadhaar is that the UIDAI only takes responsibility for the security of data stored within its Central Identities Data Repository. However, explains Amber, over the last five years, the UIDAI has proactively seeded Aadhaar data across multiple government databases. However, the UIDAI has not exercised strict disclosure controls on these government databases, and there are no clear standards for publicity of information.

The CIS report points to the example of the Andhra Pradesh portal of the NREGA, which carries information on Aadhaar numbers and disbursal amounts on a simple text file, with no encryption or other security measures. The report argues that this system could easily be exploited to transfer illegal sums of money into these accounts, making beneficiaries liable for them.

Importantly, Amber points out that the recent publications of Aadhaar details cannot properly be called leaks. A leakage occurs, he points out, when information is treated as secret and stored accordingly and then breached from the outside or leaked by abusing access.

“Here the websites that we looked at are designed in such a way that anybody without any technical knowledge can access information. They are available for download as spreadsheets, how much simpler could it get?” he asks.

Even with the much-vaunted infallibility of biometric verification, experts warn, there are some scarily large loopholes present. While the UIDAI regularly goes to town with the claim that the biometric data stored in the CIDR is well protected behind multiple firewalls, detractors point out that biometric data collected at each transaction point is not similarly secure.

 

Quote

“The larger problem is that the UIDAI constantly plays a game of denial and catch up. They keep pretending like other people are stupid and their system will never be broken. And other people keep pointing out that they've forgotten the most obvious things about security in any information system. They are currently in denial mode, where they insist such things are not possible until after it happens, and then they say oh it's happening, let's go do something to fix it,” Kiran says.

Quote

“Lifting fingerprints is ridiculously easy. Anything you touch will leave fingerprints on it. All it requires is some cello-tape to make a copy of your fingerprints. And then you can apply some wax to it and you get an actual impression of your finger. You can go place that on any fingerprint reader and it'll be fooled,” says Kiran.

It’s not as if such duplication is not possible with devices like credit cards. However, says Kiran, there are two key differences. Firstly, credit card companies have built up elaborate checks and balances over years to tackle fraud. Secondly, and far more importantly, credit cards that have been compromised can be cancelled. “Revocability is a feature in the credit card system. In Aadhaar you can't revoke anything. If fraud happens, you are stuck with fraud for the rest of your life,” explains Kiran.

 

We are all f**ked.The fact this is not being debated on tv and newspapers and everywhere else shows how clueless everyone is or that nobody has the balls to talk about it. It is a huge disaster waiting to happen and it could very well happen to you tomorrow.And there is absolutely nothing you could do to prevent it.

[AtheK]

No we don't need to discuss here, some other forums maybe.